DETAILED ACTION

1. Claims 1-21 have been examined. 

Claim Rejections - 35 USC §102

2. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign 
country or in public use or on sale in this country, more than one year prior to the date 
of application for patent in the United States. 

3. Claims 1-21 are rejected under 35 U.S.C. 102 (b) as being anticipated by a 
Publication title "A Security Paradigm for Web Databases" (hereinafter referred to as "99 
Security) (Publication Date 1999) (reference U) 

4. As per claims 1, 4, 8, 10, 11, 15, "99 Security discloses a method for intercepting
a command sent to a manager program generated by a client program and determining
whether said command is characteristic of a normal application program, [Page 2,
under the Title "The Web Database Security Server" and page 3, figure 1, reference
"Web Database Security Server"]

• Intercepting said command; [Page 2, Column 2, reference number "(1)"
"Secure Log On Procedure" and Page 3, figure 1; Page 3, column 1; Page 2,
column 1, 2nd Paragraph and page 2, column 2, 2nd paragraph]
(Users/clients or Tier 1, request information from their browsers. The
request/command of the user/client is to access information from the secure
database through the Database Management System or Tier 4 or from Data
Server Tier 4. This request/command is intercepted by the Web Database
Security Server or Tier 3, which is acting like the firewalls but provides even
more services than a firewall as explained on page 3, column 1)

• Preventing the direct sending of said command from said client program 
to said manager program; [Page 2, Column 2, reference number "(1)" "Secure Log 
On Procedure" and Page 3, figure 1; page 3, column 1 and 2; Page 2, column 1, 
2nd Paragraph and page 2, column 2, 2nd paragraph] (Tier 3 or "WdbSS"
prevents Tier 1 or the client from sending command/ request directly to the Tier 
4, meaning the request is intercepted by the "WdbSS") 

• Performing an analysis upon said command; [Page 2, under the Title
"The Web Database Security Server"; Page 2, column 2, reference number "(1)",
"(2)", "(3)", "(4)", "(5)" and "(6)"; page 3; page 2, column 1, 2nd Paragraph; page 2,
column 2, 2nd paragraph]

• Sending said command to said manager program if said analysis 
determines that said command is characteristic of a normal application program 
and preventing said command from reaching said manager program if said 
analysis determines that said command is not characteristic of a normal 
application program; [Page 2, column 2, reference number "(4)" and Page 2,
Column 2, reference number "(1)"-"(6)" and Page 3, columns 1 and 2; Page 2, 1st
column, 2nd Paragraph and page 2, 2nd column] whereby

• Said manager program is protected from commands that are sent from a 
client program that is under control of an attacker. [Page 2, column 2, 2nd
paragraph under the Title "The Web Database Security Server", the last 5 lines;
Page 3, columns 1-2] (On the above stated pages it is disclosed by the reference
that the integrated security component implemented in Tier 3 acts as the 
WdbSS, and will provide some of the security services for the network as well as 
the security services for the secure database. The reference on page 3 also 
discloses that the WdbSS provides many more services than the conventional 
firewalls for SQL and it also discloses that the WdbSS provides an additional 
firewall, checking not only the URL of the user, but also whether or not a valid 
database operation is being requested.) 

5. As per claims 2 and 9, "99 Security the method of intercepting a command
sent to a manager program as applied to claims 1 and 8 above. Furthermore "99
Security discloses the method further comprising the step of: permanently storing said
command. [Page 2, Column 1, 1st Paragraph and figure 3, reference "DBMS"] (A
"DBMS" by definition is nothing but a collection of programs that enables the clients to
store, modify, and extract information command/query/request from a database)

6. As per claims 6, 11 and 13, "99 Security the method of intercepting a
command sent to a manager program as applied to claim 1 above. Furthermore "99 
Security discloses the method wherein, said manager program is a database 
manager, [Page 3, figure 1, reference "DBMS"] 

7. As per claims 7, 12 and 16, "99 Security the method of intercepting a
command sent to a manager program as applied to claim 1 above. Furthermore "99
Security discloses the method wherein, said command is a Structured Query Language
query. [Page 1, column 2, paragraph 1; Page 2, Column 2, 2nd paragraph] (On these
paragraphs mentioned above, "SQL" is mentioned on page 1, column 2, paragraph 2
and it is also disclosed that the Tier 3, "WdbSS" is the middleware including JDBC. And
it is known that JDBC, or Java Database Connectivity, is a Java API that enables Java
programs to execute SQL statements. This allows Java programs to interact with any
SQL-compliant database. Since nearly all relational database management systems
(DBMSs) support SQL, and because Java itself runs on most platforms, JDBC makes it
possible to write a single database application that can run on different platforms and
interact with different DBMSs.)

8. As per claims 17, 18 and 19, "99 Security discloses the method as applied to
claim 13 above. Furthermore "99 Security discloses the method wherein, said storage
manager comprises an indexed file system storage. [Page 2, column 1, paragraph "2"]
(FTP is File Transfer Protocol, the protocol for exchanging files over the Internet. FTP
works in the same way as HTTP for transferring Web pages from a server to a user's
browser and SMTP for transferring electronic mail across the Internet in that, like these
technologies, FTP uses the Internet's TCP/IP protocols to enable data transfer.)



Claim Rejections - 35 USC §103 



9. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not 
identically disclosed or described as set forth in section 102 of 
this title, if the differences between the subject matter sought to 
be patented and the prior art are such that the subject matter as a 
whole would have been obvious at the time the invention was made to a
person having ordinary skill in the art to which said subject matter 
pertains. Patentability shall not be negatived by the manner in 
which the invention was made. 



Application/Control Number: 09/838,904
Art Unit: 2132

Claims 3, 5, 14, 20 and 21 are rejected under 35 U.S.C. 103(a) as being
unpatentable over a Publication title "A Security Paradigm for Web Database"
(hereinafter referred to as "99 Security) (Publication Date 1999) (reference U) in
view of Victor Kouznetsov (hereinafter referred as Kouznetsov) (U.S. Patent
No: 6,725,377)

11. As per claims 3, 5, 14, 20 and 21, "99 Security discloses a firewall/ Web
Database Security Server capable of intercepting a request/command preventing
unauthorized access to a network [Page 2, Column 1, 2nd paragraph]

"99 Security further discloses 

• Intercepting said command; [Page 2, Column 2, reference number "(1)" 
"Secure Log On Procedure" and Page 3, figure 1; Page 3, column 1; Page 2, 
column 1, 2nd Paragraph and page 2, column 2, 2nd paragraph]

(Users/ clients or Tier 1, request information from their browsers. The 
request/ command of the user/client is to access information from the secure 
database through the Database Management System or Tier 4 or from Data 
Server Tier 4. This request/command is intercepted by the Web Database 
Security Server or Tier 3, which is acting like the firewalls but provide even 
more services than a firewall as explained on page 3, column 1) 

• Preventing the direct sending of said command from said client program 
to said manager program; [Page 2, Column 2, reference number "(1)" "Secure Log 
On Procedure" and Page 3, figure 1; page 3, column 1 and 2; Page 2, column 1, 
2nd Paragraph and page 2, column 2, 2nd paragraph] (Tier 3 or "WdbSS"
prevents Tier 1 or the client from sending command/ request directly to the Tier 
4, meaning the request is intercepted by the "WdbSS") 

• Performing an analysis upon said command; [Page 2, under the Title
"The Web Database Security Server"; Page 2, column 2, reference number "(1)",
"(2)", "(3)", "(4)", "(5)" and "(6)"; page 3; page 2, column 1, 2nd Paragraph; page 2,
column 2, 2nd paragraph]

• Sending said command to said manager program if said analysis
determines that said command is characteristic of a normal application program
and preventing said command from reaching said manager program if said
analysis determines that said command is not characteristic of a normal
application program; [Page 2, column 2, reference number "(4)" and Page 2,
Column 2, reference number "(1)"-"(6)" and Page 3, columns 1 and 2; Page 2, 1st
column, 2nd Paragraph and page 2, 2nd column] whereby

• Said manager program is protected from commands that are sent from a 
client program that is under control of an attacker. [Page 2, column 2,
2nd paragraph under the Title "The Web Database Security Server", the
last 5 lines; Page 3, columns 1-2] (On the above stated pages it is
disclosed by the reference that the integrated security component 
implemented in Tier 3 acts as the WdbSS, and will provide some of the 
security services for the network as well as the security services for the 
secure database. The reference on page 3 also discloses that the WdbSS 
provides many more services than the conventional firewalls for SQL and 
it also discloses that the WdbSS provides an additional firewall, checking 
not only the URL of the user, but also whether or not a valid database 
operation is being requested.) 

"99 Security does not explicitly teach 

• Alerting an administrator through a notification channel if said
analysis determines that said command is not characteristic of a normal 
application program. And 

• Storing attacker patterns that correspond to commands 
generated by a client program that is under control of an attacker, said 
analyzing step comprises: determining whether said command
corresponds to said stored attacker patterns, and determining that said 
command is not characteristic of a normal application program if said 
analysis determines that said command corresponds to any of said 
attacker patterns. 

However, in the same field of endeavor, Kouznetsov discloses 

• Alerting an administrator through a notification channel if said
analysis determines that said command is not characteristic of a normal
application program [column 1, lines 49-62; column 1, line 49-column 2, line
13]

• Storing attacker patterns that correspond to commands 
generated by a client program that is under control of an attacker, said 
analyzing step comprises: determining whether said command corresponds to 
said stored attacker patterns, and determining that said command is not 
characteristic of a normal application program if said analysis determines that 
said command corresponds to any of said attacker patterns, [column 1, line 49-
column 2, line 13; column 5, lines 14-20; column 5, lines 24-36; "Abstract"]

It would have been obvious to one having ordinary skill in the art, at the time
the invention was made, to combine the alerting and the storing of attacker
patterns as per teachings of Kouznetsov into the method of intercepting,
preventing and performing analysis of the command/request before they are
sent to the manager program as taught by "99 Security for the purpose of
strengthening the security of the database from being easily attacked by
malicious hackers.

Conclusion



12. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. (See PTO-Form 892). 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Samson B Lemma whose telephone number is 
571-272-3806. The examiner can normally be reached on Monday-Friday (8:00
am - 4:30 pm).

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, BARRON JR GILBERTO can be reached on 571-272-3799. The fax 
phone number for the organization where this application or proceeding is 
assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private 
PAIR only. For more information about the PAIR system, see
http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).